[tor-bugs] #26274 [- Select a component]: Deprecate check.tpo and move that functionality to the client

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Jun 2 22:14:53 UTC 2018


#26274: Deprecate check.tpo and move that functionality to the client
--------------------------------------+--------------------
     Reporter:  cypherpunks           |      Owner:  (none)
         Type:  defect                |     Status:  new
     Priority:  Medium                |  Milestone:
    Component:  - Select a component  |    Version:
     Severity:  Normal                |   Keywords:
Actual Points:                        |  Parent ID:
       Points:                        |   Reviewer:
      Sponsor:                        |
--------------------------------------+--------------------
 Right now, every time Tor browser starts up, it loads the same page. This
 is a risk for a huge watering hole attack. Compromising that one subdomain
 and serving an exploit will reliably compromise ~100% of Tor users. This
 would only take a single rogue CA (due to HPKP going away), and the
 compromise of one of any number of registrars. If the check is done
 locally client-side, such an exploit would be significantly more difficult
 and would have to exploit the a simple API.

 Unlike the automatic updater which verifies a signature, the only
 signature relied upon by check.tpo is the TLS certificate. The web PKI is
 not ideal for protecting a single centralized page that is automatically
 opened by every Tor user, and only by Tor users.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26274>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list